PT-2023-5338 · Apache · Apache Airflow Sqoop Provider

Happyhacking-K +2 · Published 2023-08-25 · Updated 2024-09-27 · CVE-2023-27604

CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: Apache Airflow Sqoop Provider versions prior to 4.0.0

Description: The issue is caused by insufficient input validation and can be exploited by a remote attacker to execute arbitrary code. Parameters passed through an Airflow connection reach the sqoop import --connect command, which allows remote code execution and yields the permissions of the Airflow server. The attacker must be logged in and authorized to create or edit connections.

Recommendations: To resolve the issue, upgrade to a version that is not affected, specifically version 4.0.0 or later. As a temporary workaround, consider restricting access to the sqoop import --connect command to minimize the risk of exploitation. Additionally, limit the ability to create or edit connections to authorized personnel only.
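The following script is an added example, not part of the advisory or of the Apache Airflow project, for checking whether an installed provider falls in the affected range (any release below 4.0.0). It assumes the provider is installed as the PyPI distribution apache-airflow-providers-apache-sqoop (an assumed name) and, to stay on the conservative side, treats pre-releases of 4.0.0 as still affected, since they sort before the 4.0.0 fix release.

```python
"""Report whether the installed Apache Airflow Sqoop provider predates the 4.0.0 fix.

Added example, not part of the advisory. Assumes the provider is installed as
the PyPI distribution "apache-airflow-providers-apache-sqoop" (assumption).
"""
import re
from importlib import metadata

FIXED_VERSION = (4, 0, 0)                              # first release not affected
DIST_NAME = "apache-airflow-providers-apache-sqoop"    # assumed distribution name

_VERSION_RE = re.compile(r"^\s*v?(\d+(?:\.\d+)*)(.*)$")
# Pre-release markers directly after the release segment (PEP 440 style):
# "4.0.0rc1", "4.0.0.dev0", "4.0.0a1". Post-releases and local labels do not match.
_PRERELEASE_RE = re.compile(r"^[.\-_]?(a|b|c|rc|alpha|beta|pre|preview|dev)\d*", re.IGNORECASE)


def parse_version(version: str) -> tuple:
    """Split a version string into (release_tuple, is_prerelease).

    The release tuple is padded to three components so "4" equals (4, 0, 0).
    """
    m = _VERSION_RE.match(version)
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    parts = [int(p) for p in m.group(1).split(".")]
    parts += [0] * (3 - len(parts))
    prerelease = bool(_PRERELEASE_RE.match(m.group(2)))
    return tuple(parts[:3]), prerelease


def is_affected(version: str) -> bool:
    """True when the version is below 4.0.0, or is a pre-release of 4.0.0."""
    release, prerelease = parse_version(version)
    if release < FIXED_VERSION:
        return True
    return release == FIXED_VERSION and prerelease


def check_installed(dist_name: str = DIST_NAME):
    """Return (installed_version, affected); (None, False) if not installed."""
    try:
        version = metadata.version(dist_name)
    except metadata.PackageNotFoundError:
        return None, False
    return version, is_affected(version)


if __name__ == "__main__":
    found, affected = check_installed()
    if found is None:
        print(f"{DIST_NAME} is not installed in this environment")
    elif affected:
        print(f"{DIST_NAME} {found} is affected by CVE-2023-27604; upgrade to 4.0.0 or later")
    else:
        print(f"{DIST_NAME} {found} is not in the affected range")
```

Run it inside the same interpreter Airflow uses (for example the scheduler's virtualenv), since the provider is looked up through that interpreter's installed distributions; a clean result from a different Python does not say anything about the Airflow deployment.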

Fix

RCE

Weakness Enumeration

Related Identifiers

BDU:2023-05966
CVE-2023-27604
GHSA-G3M9-PR5M-4CVP

Affected Products

Apache Airflow Sqoop Provider